Explicit content site opens when I enter overunity.com

[hartiberlin]

Hi Stefan,

I've used a software called moblock (gui control is mobloquer) to disallow connections from various hosts based on online databases that are constantly updated for specific types of hosts or abusive IP ranges. It was originally posted for torrent connections but would work fine for abusive hosts connections to an http server and you can make a custom config file to add hosts not caught by the databases you choose.

IPTABLES is the default firewalling program for linux kernels and has many graphical front ends to work with (firestarter, firewallbuilder, webadmin plugin, etc.) that will do just what moblock does (in fact it is what moblock uses to function).

FAIL2BAN is a nice program that crawls your logs in /var/log and will selectively look for abusive behavior aimed at services like ssh, http, https, xinetd, PAM, etc. and ban the abusive IPs for a specified length of time (I use it for ssh and http(s) ) using iptables rules.

/etc/hosts.deny is a tried and true fall back to disallow certain IPs access
to web services but requires manual filtering of the logs for abuse and manual entry into the file to ban them.

For ease of use, I'd try mixture of moblock  and fail2ban first as they are a "safer" way to manipulate iptables more easily.

Hand hacking iptables rules from command line works just as well, but command syntax is sometimes pretty arcane.

WARNING: With any of these tools it IS possible to lock out any type of network access to the machine if you misconfigure them!!!!

You might want to configure and test them with nmap or wireshark on a differnet machine/test LAN, and then copy the successfully tested configs over to the production machine (web server).

Hope That Helps!

Hmm,
I don´t have access to the server´s IPTables over here at the
hosting company cause it is running a special clustered server configuration.

So I would need a PHP based firewall script or something
simular.

I have looked around, but so far found no
real good open source script, only one for 120 US$:

http://firewallscript.com/

Does anybody of you use it ?

Is it good ?

Regards, Stefan.

[exxcomm0n]

Sorry Stefan,

I forget you're on a hosting server.

I've gone to servage.net and looked at the options and features of the account and the only user configurable security I see is the ability to use an .htaccess file for per directory permissions.

The only other thing I can see is to really explore the web based administration panel and see if there is host.deny or any other access control method available to you there.

I'm looking into the PHP Firewallscript and I think it's your best bet if your site management actions are limited, but remember to ask tech support if there are any other options as they will know their  environment best.

EDIT:

This is from the wiki @ servage:

How do I deny one/multiple IP-adresses/hostnames/domains with .htaccess files?

Copy these lines below into a .htaccess file:

AuthName "Access for webmaster only."
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 11.222.123.99
</Limit>

Change "11.222.123.99" with your own IP-adress (use only if you have static IP).

With more IP-adresses/hostnames/domains:

# Block a subnet, e.g. 123.234.56.0 through 123.234.56.255
deny from 123.234.56.

# Block a specific host name
deny from machine.domain.com

# Block a given domain name:
deny from .otherdomain.com


EDIT 2:

about Firewallscript:

FireWall Script requires PHP5 and ioncube to run. ioncube loaders are included with the software, however there is still a possibility your host will need to load ioncube via php.ini, depending on the server configuration.

Our software does not use any database engine at this time.

2 things a re a little worrisome. There have been no new posts in the forum since Sept. 2008 and:

"Perpetual license: the software will run indefinitely and will NOT automatically terminate at the end of the renewal period. Includes 1 year of support and upgrades with initial purchase. Software does automatically renew annually to renew your support and upgrades."

Which means you have to remember to find the off button for automatic updates or be very careful around the time your purchase expires to make sure it doesn't auto-update.

[hartiberlin]

Could it be, that it only comes up,
if one is posting a message ?

Somehow I had it also again but very weirdly very
few times only...
Hmm..
I don´t find any hidden code in any script blocks yet..

[hansvonlieven]

May 11, 2009, 02:10:39 AM

I just had it coming up after posting a message. Strangely though it did not come up on the browser that showed the OU pages but booted up the browser a second time (firefox)

Hope that helps

Hans

[hartiberlin]

Sorry Stefan,

I forget you're on a hosting server.

I've gone to servage.net and looked at the options and features of the account and the only user configurable security I see is the ability to use an .htaccess file for per directory permissions.

The only other thing I can see is to really explore the web based administration panel and see if there is host.deny or any other access control method available to you there.

I'm looking into the PHP Firewallscript and I think it's your best bet if your site management actions are limited, but remember to ask tech support if there are any other options as they will know their  environment best.

EDIT:

This is from the wiki @ servage:

How do I deny one/multiple IP-adresses/hostnames/domains with .htaccess files?

Copy these lines below into a .htaccess file:

AuthName "Access for webmaster only."
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 11.222.123.99
</Limit>

Doesn´t these lines only allow one IP adress
11.222.123.99
to access the whole website ?

Or is it a code to allow  access to edit
the file

.htaccess

only itsself ?

about Firewallscript:

FireWall Script requires PHP5 and ioncube to run. ioncube loaders are included with the software, however there is still a possibility your host will need to load ioncube via php.ini, depending on the server configuration.

Our software does not use any database engine at this time.

2 things a re a little worrisome. There have been no new posts in the forum since Sept. 2008 and:

"Perpetual license: the software will run indefinitely and will NOT automatically terminate at the end of the renewal period. Includes 1 year of support and upgrades with initial purchase. Software does automatically renew annually to renew your support and upgrades."

Which means you have to remember to find the off button for automatic updates or be very careful around the time your purchase expires to make sure it doesn't auto-update.

Yes, the license aggreement is not too good and I find it also too expensive.

So I am still looking for an open source or free or cheaper
solution.
The problem is, that I probably have to access to the IPTables,
so I can not run software like PHP Firewall generator or the other
programs that you suggested.